GHSA-v935-pqmr-g8v9 – num-bigint

Package

Manager: cargo
Name: num-bigint
Vulnerable Version: >=0.4.1 <0.4.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Unexpected panics in num-bigint ### Impact Two scenarios were reported where `BigInt` and `BigUint` multiplication may unexpectedly panic. - The internal `mac3` function did not expect the possibility of non-empty all-zero inputs, leading to an `unwrap()` panic. - A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic. Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability. ### Patches Both problems were introduced in version 0.4.1, and are fixed in version 0.4.3. ### For more information If you have any questions or comments about this advisory, please open an issue in the [num-bigint](https://github.com/rust-num/num-bigint) repo. ### Acknowledgements Thanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author. ### References * [GHSA-v935-pqmr-g8v9](https://github.com/rust-num/num-bigint/security/advisories/GHSA-v935-pqmr-g8v9) * [num-bigint#228](https://github.com/rust-num/num-bigint/pull/228)

Metadata

Created: 2021-11-03T17:36:04Z
Modified: 2021-11-03T15:02:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-v935-pqmr-g8v9/GHSA-v935-pqmr-g8v9.json
CWE IDs: ["CWE-131", "CWE-20"]
Alternative ID: N/A
Finding: F184
Auto approve: 1